Repository: knox Updated Branches: refs/heads/master ed0ec11e2 -> 9fd0be126 KNOX-1210 - Fix token expiration for XHR request Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9fd0be12 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9fd0be12 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9fd0be12 Branch: refs/heads/master Commit: 9fd0be12685ecd844cdaeef07f68478cad96d5a4 Parents: ed0ec11 Author: Sandeep More Authored: Tue Mar 20 16:04:27 2018 -0400 Committer: Sandeep More Committed: Tue Mar 20 16:04:27 2018 -0400 ---------------------------------------------------------------------- .../jwt/filter/SSOCookieFederationFilter.java | 37 ++++++++++++++------ 1 file changed, 26 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/9fd0be12/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
index dbdb364..21f5641 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/SSOCookieFederationFilter.java
@@ -17,8 +17,13 @@
 */
 package org.apache.knox.gateway.provider.federation.jwt.filter;
-import java.io.IOException;
-import java.text.ParseException;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
+import org.apache.knox.gateway.security.PrimaryPrincipal;
+import org.apache.knox.gateway.services.security.token.impl.JWT;
+import org.apache.knox.gateway.services.security.token.impl.JWTToken;
+import org.apache.knox.gateway.util.CertificateUtils;
+import org.eclipse.jetty.http.MimeTypes;
 import javax.security.auth.Subject;
 import javax.servlet.FilterChain;
@@ -29,22 +34,20 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.provider.federation.jwt.JWTMessages;
-import org.apache.knox.gateway.security.PrimaryPrincipal;
-import org.apache.knox.gateway.services.security.token.impl.JWTToken;
-import org.apache.knox.gateway.util.CertificateUtils;
-import org.apache.knox.gateway.services.security.token.impl.JWT;
+import java.io.IOException;
+import java.text.ParseException;
 public class SSOCookieFederationFilter extends AbstractJWTFilter {
 public static final String SSO_COOKIE_NAME = "sso.cookie.name";
 public static final String SSO_EXPECTED_AUDIENCES = "sso.expected.audiences";
 public static final String SSO_AUTHENTICATION_PROVIDER_URL = "sso.authentication.provider.url";
 public static final String SSO_VERIFICATION_PEM = "sso.token.verification.pem";
- private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
+ private static final String ORIGINAL_URL_QUERY_PARAM = "originalUrl=";
 private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
+ private static final String XHR_HEADER = "X-Requested-With";
+ private static final String XHR_VALUE = "XMLHttpRequest";
+ private static JWTMessages log = MessagesFactory.get( JWTMessages.class );
 private String cookieName;
 private String authenticationProviderUrl;
@@ -120,7 +123,19 @@ public class SSOCookieFederationFilter extends AbstractJWTFilter {
 protected void handleValidationError(HttpServletRequest request, HttpServletResponse response, int status, String error) throws IOException {
 String loginURL = constructLoginURL(request);
- response.sendRedirect(loginURL);
+
+ /* We don't need redirect if this is a XHR request */
+ if (request.getHeader(XHR_HEADER) != null && request.getHeader(XHR_HEADER) .equalsIgnoreCase(XHR_VALUE)) {
+ final byte[] data = error.getBytes("UTF-8");
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setContentType(MimeTypes.Type.TEXT_PLAIN.toString());
+ response.setContentLength(data.length);
+ response.getOutputStream().write(data);
+ } else {
+ response.sendRedirect(loginURL);
+ }
+
+ }
 /**
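Review bot: The XHR branch hard-codes `HttpServletResponse.SC_FORBIDDEN` and ignores the `status` parameter that handleValidationError receives, so whatever distinction the caller encodes in `status` is lost on the XHR path; if callers pass a meaningful value, `response.setStatus(status);` should replace the constant. The body is encoded with `error.getBytes("UTF-8")` but the declared type is bare `text/plain`, so the client is not told the charset; adding `response.setCharacterEncoding("UTF-8");` before `setContentType` fixes that, and `error.getBytes(StandardCharsets.UTF_8)` (with `java.nio.charset.StandardCharsets` imported) drops the string charset lookup. `constructLoginURL(request)` is still computed before the branch although only the redirect path uses it, so it could move into the `else`. Since `X-Requested-With` is client-supplied, the check only selects how the denial is reported — both branches still refuse the request — and the comment could state that so nobody later treats the header as an authorization signal. The `error` text is written to the client verbatim; presumably it is a fixed message produced by the filter rather than anything derived from the token, which is worth confirming before relying on it.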